Received privsep problem after updating

[max-maximus]

Hi, After almost a month of troubleshooting and researching... It got me here. I found some issues about privsep and privilege droping to user nobody (believe this is my problem )but I don't know what to do. Please help

Generated RSA key for leaf certs. SSLsplit 0.5.3 (built 2018-07-28) Copyright (c) 2009-2018, Daniel Roethlisberger daniel@roe.ch https://www.roe.ch/SSLsplit Build info: V:FILE HDIFF:0 N:659a166 Features: -DHAVE_NETFILTER NAT engines: netfilter* tproxy netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST Local process info support: no compiled against OpenSSL 1.1.0h 27 Mar 2018 (1010008f) rtlinked against OpenSSL 1.1.0h 27 Mar 2018 (1010008f) OpenSSL has support for TLS extensions TLS Server Name Indication (SNI) supported OpenSSL is thread-safe with THREADID Using SSL_MODE_RELEASE_BUFFERS SSL/TLS protocol availability: tls10 tls11 tls12 SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG compiled against libevent 2.1.8-stable rtlinked against libevent 2.1.8-stable 4 CPU cores detected SSL/TLS protocol: negotiate proxyspecs:

• [0.0.0.0]:10025 tcp netfilter
• [0.0.0.0]:10465 ssl netfilter
• [0.0.0.0]:10110 tcp netfilter
• [0.0.0.0]:10995 ssl netfilter
• [0.0.0.0]:10143 tcp netfilter
• [0.0.0.0]:10993 ssl netfilter
• [0.0.0.0]:10080 tcp|http netfilter
• [0.0.0.0]:10443 ssl|http netfilter Loaded CA: '/C=ZA/ST=Gauteng/L=Pretoria/O=SensePost/OU=MANA/CN=MANA/emailAddress=research@sensepost.com' Created self-pipe [r=4,w=5] Created chld-pipe [r=6,w=7] Created socketpair 0 [p=8,c=9] Created socketpair 1 [p=10,c=11] Created socketpair 2 [p=12,c=13] Using libevent backend 'epoll' Event base supports: edge yes, O(1) yes, anyfd no Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 03 sz 5 on srvsock 8 Received privsep req type 00 sz 1 on srvsock 8 Inserted events: 0xb8aa84f8 [fd 5] Read Persist Internal 0xb8aa8614 [fd 7] Read Persist Internal 0xb8aa8994 [fd 8] Read Persist 0xb8aa89fc [fd 10] Read Persist 0xb8aa8a74 [fd 12] Read Persist 0xb8aa8aec [fd 14] Read Persist 0xb8aa8b64 [fd 15] Read Persist 0xb8aa8bdc [fd 16] Read Persist 0xb8aa8c6c [fd 17] Read Persist 0xb8aa8cfc [fd 18] Read Persist 0xb8aa6cd0 [sig 1] Signal Persist 0xb8aa8dd0 [sig 2] Signal Persist 0xb8aa6a38 [sig 3] Signal Persist 0xb8aa8fc0 [sig 10] Signal Persist 0xb8aa8ec8 [sig 13] Signal Persist 0xb8aa1eb0 [sig 15] Signal Persist 0xb8aa90b8 [fd -1] Persist Timeout=1541039014.069737 Active events: Initialized 8 connection handling threads Received privsep req type 00 sz 1 on srvsock 12 Started 8 connection handling threads Starting main event loop.

[sonertari]

SSLsplit 0.5.4 is released, so please try the latest version. And what is the issue?

[max-maximus]

I still get same privsep messages

SSLsplit 0.5.4-2-g3940e75 (built 2018-11-02) Copyright (c) 2009-2018, Daniel Roethlisberger daniel@roe.ch https://www.roe.ch/SSLsplit Build info: V:GIT Features: -DHAVE_NETFILTER NAT engines: netfilter* tproxy netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST Local process info support: no compiled against OpenSSL 1.1.1 11 Sep 2018 (1010100f) rtlinked against OpenSSL 1.1.1 11 Sep 2018 (1010100f) OpenSSL has support for TLS extensions TLS Server Name Indication (SNI) supported OpenSSL is thread-safe with THREADID OpenSSL has engine support Using SSL_MODE_RELEASE_BUFFERS SSL/TLS protocol availability: tls10 tls11 tls12 SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG compiled against libevent 2.1.8-stable rtlinked against libevent 2.1.8-stable compiled against libnet 1.1.6 rtlinked against libnet 1.1.6 compiled against libpcap n/a rtlinked against libpcap 1.8.1 4 CPU cores detected Non spoofing imap.gmail.com Non spoofing to 127.0.0.1 Specific domain IP .domain.com with 192.168.1.1 DNS Forwarding activado.... binded to UDP port 53. waiting requests. Generated RSA key for leaf certs. SSL/TLS protocol: negotiate proxyspecs:

• [0.0.0.0]:10025 tcp netfilter
• [0.0.0.0]:10465 ssl netfilter
• [0.0.0.0]:10110 tcp netfilter
• [0.0.0.0]:10995 ssl netfilter
• [0.0.0.0]:10143 tcp netfilter
• [0.0.0.0]:10993 ssl netfilter
• [0.0.0.0]:10080 tcp|http netfilter
• [0.0.0.0]:10443 ssl|http netfilter Loaded CA: '/C=ZA/ST=Gauteng/L=Pretoria/O=SensePost/OU=MANA/CN=MANA/emailAddress=research@sensepost.com' Privsep fastpath disabled Created self-pipe [r=6,w=7] Created chld-pipe [r=8,w=9] Created socketpair 0 [p=10,c=11] Created socketpair 1 [p=12,c=13] Created socketpair 2 [p=14,c=15] Created socketpair 3 [p=16,c=17] Created socketpair 4 [p=18,c=19] Created socketpair 5 [p=20,c=21] Privsep parent pid 577 Privsep child pid 590 Using libevent backend 'epoll' Event base supports: edge yes, O(1) yes, anyfd no Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 03 sz 5 on srvsock 10 Received privsep req type 00 sz 1 on srvsock 10 Dropped privs to user nobody group - chroot - Inserted events: 0xb714b500 [fd 7] Read Persist Internal 0xb714b61c [fd 9] Read Persist Internal 0xb714b974 [fd 10] Read Persist 0xb714b9dc [fd 12] Read Persist 0xb714ba54 [fd 14] Read Persist 0xb714bacc [fd 16] Read Persist 0xb714bb44 [fd 18] Read Persist 0xb714bbbc [fd 20] Read Persist 0xb714bc34 [fd 22] Read Persist 0xb714bcc4 [fd 23] Read Persist 0xb714c3e8 [sig 1] Signal Persist 0xb714c4e0 [sig 2] Signal Persist 0xb7148008 [sig 3] Signal Persist 0xb714c690 [sig 10] Signal Persist 0xb714bdb8 [sig 13] Signal Persist 0xb7145878 [sig 15] Signal Persist 0xb714c768 [fd -1] Persist Timeout=1541137287.948177 Active events: Received privsep req type 00 sz 1 on srvsock 12 Received privsep req type 00 sz 1 on srvsock 18 Received privsep req type 00 sz 1 on srvsock 20 Initialized 8 connection handling threads Started 8 connection handling threads Starting main event loop.

[sonertari]

What is the issue? What are the "privsep messages" you are talking about? I don't see any error messages in the output you have posted above. The privsep messages above seem fine to me.

Yes, you probably should try a user other than nobody, e.g. try with root, but what is the problem first?

[max-maximus]

If the output seems fine to you, then there is no problem. I've never seen those messages in output before... My bed. Sorry for disturbance and thank you for your response.

[sonertari]

No problem, I'm closing this issue.